Vulnerabilities > Vmware > Workstation > High

DATE CVE VULNERABILITY TITLE RISK
2025-03-04 CVE-2025-22224 Unspecified vulnerability in VMWare products
VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
local
low complexity
vmware
8.2
2024-05-21 CVE-2024-22273 Out-of-bounds Write vulnerability in VMWare products
The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues.
local
low complexity
vmware CWE-787
7.8
2024-05-14 CVE-2024-22267 Use After Free vulnerability in VMWare Fusion and Workstation
VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
local
low complexity
vmware CWE-416
8.2
2023-04-25 CVE-2023-20869 Out-of-bounds Write vulnerability in VMWare Fusion and Workstation
VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.
local
low complexity
vmware CWE-787
8.2
2023-04-25 CVE-2023-20872 Out-of-bounds Write vulnerability in VMWare Fusion and Workstation
VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.
local
low complexity
vmware CWE-787
8.8
2023-02-03 CVE-2023-20854 Improper Privilege Management vulnerability in VMWare Workstation 17.0
VMware Workstation contains an arbitrary file deletion vulnerability.
local
low complexity
vmware CWE-269
8.4
2022-12-14 CVE-2022-31705 Out-of-bounds Write vulnerability in VMWare Esxi, Fusion and Workstation
VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI).
local
low complexity
vmware CWE-787
8.2
2022-01-04 CVE-2021-22045 Out-of-bounds Write vulnerability in VMWare products
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation.
local
high complexity
vmware CWE-787
7.8
2021-09-15 CVE-2020-3960 Out-of-bounds Read vulnerability in VMWare Fusion, Vsphere Esxi and Workstation
VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality.
local
low complexity
vmware CWE-125
8.4
2020-11-20 CVE-2020-4004 Use After Free vulnerability in VMWare products
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller.
local
low complexity
vmware CWE-416
8.2